Breadth of cybersecurity challenge remains daunting

By Defense Systems Staff

Aug 24, 2012

The complexity of the cybersecurity problem, a lack of understanding by some in charge of cybersecurity decision-making and unrealistic expectations are hindering the government's ability to develop and implement effective cybersecurity protections, reports FCW, a sister publication of Defense Systems.

At DOD, cyberspace is still a relatively new domain of warfare, which means there’s a lot of ground to cover as U.S. Cyber Command, its service components and other cyber-focused organizations become fully operational, the story said.

"The roles and responsibilities and overarching understanding are still evolving. You’re talking about a lot of moving parts, with new command structure, new doctrine and a new rapid-response acquisition process – and trying to build that out to a functioning state that everyone understands,” said former Army CIO/G6 Lt. Gen. Jeff Sorenson, now partner and vice president at A.T. Kearney. “They’re still practicing on the football field. The actual execution is going to take a little time.”

One former DOD official pointed out that’s it’s necessary to have the right kind of leadership in place to negotiate the complex challenges that exist.

“There are more processes and bureaucracies in the government than ever before. The size of DOD has increased because of the Global War on Terror. There are more checks and balances than ever,” said Gary Winkler, former Army Program Executive Officer–Enterprise Information Systems and now founder and CEO of Cyber Solutions. “Not everyone in the government is a change agent. Who is it going to be to work through the processes and bureaucracies? It’s hard to find a champion to institute that kind of change.”

The expectations posed about congressional action on cybersecurity also might be unreastic, given the scope and complexity of the problem, the story said.

“This is extraordinarily complex issue to deal with. The timeline by which [lawmakers] were expecting results – in some cases 180 days – that was probably a bit too far,” Sorenson said.

Despite the appearance of legislative malaise, there is a flurry of action behind the scenes endeavoring to better secure U.S. interests in cyberspace, the story said.

“To say that we’re at more risk because [the plans are delayed], I don’t think is accurate. Every day people are working this issue, working to solve the vulnerabilities and working to make the network more hardened and capable. There is tremendous work being done on the inside that’s not being publicized,” Sorenson said.